@system blocks and safer @trusted (ST) functions

Paul Backus snarwin at gmail.com
Sun Jul 25 14:36:27 UTC 2021


On Sunday, 25 July 2021 at 14:19:47 UTC, Bruce Carneal wrote:
> On Sunday, 25 July 2021 at 13:42:52 UTC, Paul Backus wrote:
>> On Sunday, 25 July 2021 at 12:56:33 UTC, Bruce Carneal wrote:
>>> As hopefully understood from my earlier comments, these are, 
>>> qualitatively, not the same thing.  You will still have to 
>>> check a conversion to a new style @trusted function manually 
>>> of course, no work savings there, but you'd gain something 
>>> pretty important: the compiler's assertions regarding your 
>>> remaining @safe code might actually mean something.
>>
>> Memory safety is a global property. If even a single line of 
>> your new-style `@system`-block (or old-style `@trusted` 
>> lambda) causes undefined behavior, it does not matter one bit 
>> what the compiler asserts about the `@safe` code in your 
>> program: the entire process is corrupted.
>
> I do not know of any competent programmer who would say 
> otherwise.
>
> I also do not know what this has to do with a discussion 
> regarding debasing/improving @safe.  What am I missing?

It is a response to the claim that "the compiler's assertions 
regarding your remaining @safe code might actually mean 
something." They mean exactly the same thing with your proposal 
as they do without it: that the `@safe` portion of the program 
does not violate the language's memory-safety invariants directly.
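
The distinction drawn in the reply above, as an added D example that is not part of the original post: `@safe` code compiles identically whether the `@trusted` code it calls is correct or not, so the compiler's check covers only what the `@safe` code does directly. The function names `storeUnchecked`, `storeChecked` and `sumAfterStore` are hypothetical, chosen for this illustration.

```d
import std.stdio : writeln;

// Hypothetical helper. Marked @trusted, so the compiler does not check the
// body. The missing bounds check is the deliberate bug in this illustration.
@trusted void storeUnchecked(int[] dst, size_t i, int value)
{
    dst.ptr[i] = value;
}

// Same operation with the check that makes the @trusted promise hold for
// every possible caller.
@trusted void storeChecked(int[] dst, size_t i, int value)
{
    if (i >= dst.length)
        throw new Exception("index out of range");
    dst.ptr[i] = value;
}

// Compiler-verified @safe code. It performs no unsafe operation itself and
// only calls functions whose attributes permit the call, so it compiles
// with either store function.
@safe int sumAfterStore(alias store)(size_t i)
{
    auto buf = new int[4];
    store(buf, i, 42);
    int total;
    foreach (x; buf)
        total += x;
    return total;
}

@safe void main()
{
    writeln(sumAfterStore!storeChecked(3));
    try
    {
        writeln(sumAfterStore!storeChecked(4));
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);
    }

    // The next line is also accepted as @safe, yet index 4 would write past
    // the end of buf: undefined behaviour for the whole process, not only
    // for the @trusted function. Left commented out on purpose.
    // writeln(sumAfterStore!storeUnchecked(4));
}
```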


More information about the Digitalmars-d mailing list